Matthew H. Meade
Matthew Meade on Personally Identifiable Information (PII)
Matthew Meade, a member of Eckert Seamans' Data Security & Privacy Group and Pittsburgh office, discusses personally identifiable information (PII) and why it is the main focus of data breaches.WATCH VIDEO
Matt Meade concentrates his practice in the area of data security providing advice to clients regarding data breaches, information and records management, and other areas concerning data security. Matt helps clients identify business risks associated with the use and storage of sensitive information. He regularly guides clients through security incident investigations, analysis, communications, and, if necessary, responding to regulatory inquiries and litigation. He advises clients on security breach notification laws and other U.S. state and federal data security requirements (including laws regarding disposal of records). Matt drafts agreements addressing issues related to data use, privacy, and security. He also prepares document retention and management policies and develops associated training programs.
Matt speaks and writes regularly on data security matters and serves on The Sedona Conference Working Group Series Leadership Council, after previously serving on the Steering Committee for Working Group II on Data Security and Privacy, through which lawyers, judges, policy makers, security experts, technologists, and business leaders work together to identify and develop principles and best practices to constructively resolve issues surrounding data security and privacy liability. Matt has served as a Co-Chair of the ABA’s First, Second, and Third Annual National Cybersecurity Institute (2016-2018).
- Advised numerous entitles, including healthcare providers, manufacturers, retailers, schools, financial services companies, county governments and collection agency on information security breach notification procedures and development of post breach corrective action plans.
- Coordinated response to multi-state security breaches, ransomware, and hacking incidents with local and federal law enforcement, and United States Attorney.
- Performed comprehensive review and subsequent revisions of all security policies for leading hospitality provider and then provided data security training to managers and executives on subjects covered in policies.
- On behalf of a healthcare automation solutions provider, obtained dismissal of claims arising from the theft of an employee’s laptop computer containing protected health information, on grounds that court lacked subject matter jurisdiction because plaintiff failed to adequately allege injury-in-fact.
- Conducted employee cyber training sessions in hospitality, education, healthcare, manufacturing, insurance, and financial sectors.
- Organized, ran, and oversaw tabletop mock data breach scenarios for multiple organizations including universities, energy companies, banks, insurance companies, and healthcare organizations.
- Developed cyber training for board of directors of community bank and manufacturing company.
- Conducted comprehensive review of security implications of agent agreements for provider of homeowner’s insurance.
- Prepared and reviewed company security policies including Written Information Security Programs, document management, and incident response plans.
- Coordinated internal investigations of healthcare data breaches, subsequent patient notice, communication with the Department of Health & Human Services Office of Civil Rights (“OCR”) and development of corrective steps. OCR closed the case taking no further action and noting the voluntary compliance efforts of the entity.
- Prepared and reviewed company policies including Written Information Security Programs, document management, social networking and incident response.
- Conducted internal investigation of processes and procedures of professional sports league, including analysis of discipline by league of teams, coaches and players, and of document management policy.
- Conducted an internal investigation of a large-scale data leak of personnel information at a Fortune 100 Corporation; interviewing relevant employees and preparing a report and recommendations for the Executive Board.
- Advised clients on proper security measures in connection with employee and customer personal information.
- Pennsylvania Bar Association
- New York Bar Association
- American Bar Association National Institute on Cybersecurity, Co-Chair
- The Sedona Conference Working Group Series Leadership Council, Member
- The Sedona Conference Working Group 11 on Data Security and Privacy Liability
- Leader of Model Data Breach Notification Law Brainstorming Group
- Former Steering Committee Member
- Carnegie Mellon University CISO-Executive Program, Faculty Member
- Children’s Museum of Pittsburgh, Board Member
- Chuck Cooper Foundation, Vice President and Board Member
- Yale Day of Service, Co-Chair
Awards and Recognition:
- Selected for inclusion in The Best Lawyers in America – Privacy and Data Security Law (2017 – 2021) and Commercial Litigation (2015 – 2021)
News and Insights
- “Updated Joint Guidance on the Application of FERPA and HIPAA to Student Health Records,” Eckert Seamans’ Data Security & Privacy Alert, February 2020.
- “When poor vendor vetting leads to exposed health data,” The Parallax View, May 7, 2021.
- Radio interview with Lynn Hayes-Freeland about Cyber Monday: 7 tips for safer online shopping, 1020 KDKA, December 2, 2019.
- “Eckert Seamans Hires Buchanan Ingersoll Cybersecurity Vet,” Law360, September 2018.
- “Lessons and Trends from FTC’s 2017 Privacy and Data Security Update: Workshops and Guidance (Part Two of Two),” The Cybersecurity Law Report, February 2018.
- “Lessons and Trends from FTC’s 2017 Privacy and Data Security Update: Enforcement Actions (Part One of Two),” The Cybersecurity Law Report, January 2018.
- “Eckert Seamans’ Matthew Meade named to lead group charged with drafting new model data breach notification law,” January 2019.
- “Legal Issues Associated with Responding to and Remediating a Cyber Attack,” also presented “Interactive Cyber Incident Exercises” for the County Commissioners Association of Pennsylvania program, KEYS: The Anatomy of a Cyber Claim, May 2021.
- “Practice Makes Perfect: A Proactive Approach to Cybersecurity,” presenter, Eckert Seamans’ Legal Primer Series (Part 1), April 14,
- “Executive Roundtable on Regulations and Privacy,” panelist, Converge20, October 2020.
- “Model data breach notification law,” panelist, The Sedona Conference Working Group 11 Midyear Meeting 2020, September 2020.
- “Privacy Update,” Pennsylvania Bar Institute Cyberlaw Update 2020, September 2020.
- “Anatomy of a Data Breach,” panelist, TextIQ’s The Inevitable 2020 webinar series, September 2020.
- “Data Breach Scenario Panel” Moderator and panel presenter at the 2019 Cyber Law and Privacy Symposium, Hosted by Carnegie Mellon University, May 2019.
- “News You Can Use: A review of recent judicial, legislative, and regulatory developments of significance to employers,” co-presented at Eckert Seamans’ Human Resources Forum, April 2019.
- “The Net without Neutrality: Economic, Regulatory, and Informational Access Impacts,” co-presenter, University of Pittsburgh Law Review 80th Publishing Anniversary Symposium, March 2019.
- “Cybersecurity: An Analysis of the Legal Landscape and Best Practices,” presenter, Eckert Seamans’ Continuing Legal Education Seminar, August 2018.
- “Interactive Breach Scenarios,” presented at the NetDiligence Cyber Risk Summit, June 2018.
- “Practice Makes Perfect: A Proactive Approach to Cybersecurity in an Interconnected Hotel Industry” presented at the Hotel & Lodging Legal Summit at Georgetown University Law Center, October 2017.
- “Cybersecurity: There ARE Things Lawyers Can and Should Do,” CLE presentation, October 2017.
- “You’ve Got Hacked: How to protect yourself against campaign data security dangers and liabilities,” panel presentation at the American Association of Political Consultants’ 2017 Annual Pollie Awards & Conference, March 2017.